Main Area and Open Discussion > General Software Discussion

False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix

<< < (2/13) > >>

app103:
Sometimes I wonder about these daily updates issued by most antivirus vendors.

How possible is it that most antivirus vendors only issue protection from new threats once a week and spend the rest of the week issuing fixes for all the false positives from them?

The attitude of the antivirus vendors is that a false positive is better than a false negative, and to a certain degree I would have to agree with them on that, but when a certain particular antivirus has a track record of more false positives than just about any other and it's a big name that is trusted & used by so many, it creates a situation where users believe the alerts and it can ruin a coder's reputation in a single day, especially a young one that hasn't released much yet.

About 3 years ago, a kid from my chatroom that was just learning C created a really cool little utility and I released it on my group's site. There was nothing wrong with it...it was clean.

About a week later, people came flooding into the chatroom accusing my group of releasing malware, and this kid in particular. All of them had something in common...they were all McAfee users.

I sent a copy of the file to McAfee, along with the source, and never heard from them about it beyond an email confirming that I had sent them the file and that they would look into it.

This kid had no idea what in his code could have set off the false positive so he had no idea how to fix it. What ended up happening is another member of my group created their own version of the utility, an almost clone of the original, and we replaced the one on the site with that one. Sad, really, because to this day I feel the original is the better version. I wish I could have left the original on the site, but McAfee doesn't care about fixing their crap to protect the reputation of an unknown beginning coder.

Mouser, consider yourself lucky that they responded and issued any kind of fix at all. It means they think you are important enough to the world of software to do so. If you were a complete unknown and LBC was your first release, you'd be waiting a long long time.

kelibeck:
Thanks for the info but the link detailing how to install EXTRA.DLL only applies to the Enterprise edition of McAfee. I have the Home/Home Office edition, and after a lot of hastle managed to get the following advice from McAfee

How to install an EXTRA.DAT
Summary: This document will explain how to apply an EXTRA.DAT file.


Affected Suites: Affected Products: Affected Operating Systems:
Total Protection
Internet Security Suite
PC Protection Plus
VirusScan Plus
 VirusScan
 Windows 2000
Windows XP
Windows Vista

 

Description
EXTRA.DAT files contain information that is used by VirusScan to detect new viruses. When a major virus is discovered, and extra detection is required, an EXTRA.DAT file is made available until the normal VirusScan update is released.

EXTRA.DATs can be downloaded from the the Newly Discovered Threats page, the Recently Updated Threats page, or the Removal Instructions section of the description for the major virus. When an EXTRA.DAT file is added to the VirusScan folder on your hard drive, it is used by the product, in addition to the normal DAT files, to detect the new virus. This enables VirusScan to protect your computer from the new virus until the official update is released that contains the virus detection/removal information. After the official update is released and installed, the EXTRA.DAT file is no longer necessary.

EXTRA.DAT files are good for 14 days, at which time they disable themselves. McAfee recommends you keep your VirusScan up to date by downloading and installing the official daily updates.

Solution
EXTRA.DAT instructions
EXTRA.DAT should be copied into the same directory where avvclean.dat, avvnames.dat, and avvscan.dat are.

For example:
C:\Program Files\McAfee\VirusScan\DAT\xxxx.x
(where xxxx.x is the DAT version number)

Note: For Windows Vista 64-bit computers, the directory is: C:\Program Files (x86)\McAfee\VirusScan\DAT\xxxx.x.


Restart your computer.
Additional information can be found at the McAfee Threat Center: http://vil.nai.com/vil/systemhelpdocs/extradat.aspx.



Last Modified: 12/05/07
Modified by: asj


Once installed the EXTRA.DLL worked fine

cranioscopical:
WOW!

Today, the Generic.dx Trojan that I run on my machine informed me that McAfee Virus Scan has screwed up again.

Thank goodness for Generic.dx.  Thanks to its timely warning I was able to deploy the MVS-removal tool in time to
prevent every executable on my machine from being moved into quarantine.

 :huh:

mouser:
 ;D ;D ;D

mouser:
To follow up, it looks like McCafee pushed out an update as promised that stops labels the programs as having generic.dx infection.

McAfee users can now reinstall the same programs, or even just restore them from quarantine area of McAfee control center (Restore->Files).

Navigation

[0] Message Index

[#] Next page

[*] Previous page